A simple script - login isn't working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

A simple script - login isn't working

Post by toasty2 »

I whipped up this little script and I've looked over it many times, I can't figure out why its not working as intended.

Its a script to be used for logging in and editing a text file which is to be included by another page. But, after logging in its taking me back to the login form part even though it should have authenticated me and let me edit the file.

Code: Select all

<?php session_start();

if ($_SESSION['auth'] != true)
{
	exit('<form action="?a=login" method="post">
	Username: <input type="text" name="username" /><br />
	Password: <input type="password" name="password" /><br />
	<input type="submit" value="Login" />
	</form>');
}

if($_GET['a']=='login')
{
	if($_POST['username']=='username' and $_POST['password']=='password')
	{
		$_SESSION['auth'] = true; header('Location: edit.php'); exit;
	}
	else
	{
		$_SESSION['auth'] = false; header('Location: edit.php'); exit;
	}
}
elseif($_GET['a']=='logout')
{
	session_destroy();
	exit('You are now logged out.');
}
elseif($_GET['a']=='edit' and !empty($_POST['text']))
{
	file_put_contents('file.txt',$_POST['text']); exit;
}
?>

<form action="?a=edit" method="post">
<textarea name="text" cols="6" rows="12" />
<input type="submit" value="Edit" />
</form>
User avatar
churt
Forum Commoner
Posts: 39
Joined: Wed Oct 04, 2006 9:59 am

Order of Conditions

Post by churt »

It appears to be the order of the if conditions. Try the following. I also added "</textarea>" in the text form as it can cause issues without it. Hope this helps.

Code: Select all

<?php session_start();

if($_GET['a']=='login')
{
        if($_POST['username']=='username' and $_POST['password']=='password')
        {
                $_SESSION['auth'] = true; header('Location: edit.php'); exit;
        }
        else
        {
                $_SESSION['auth'] = false; header('Location: edit.php'); exit;
        }
}
elseif($_GET['a']=='logout')
{
        session_destroy();
        exit('You are now logged out.');
}
elseif($_GET['a']=='edit' and !empty($_POST['text']))
{
        file_put_contents('file.txt',$_POST['text']); exit;
}

if ($_SESSION['auth'] != true)
{
        exit('<form action="?a=login" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />
        <input type="submit" value="Login" />
        </form>');
}

?>

<form action="?a=edit" method="post">
<textarea name="text" cols="6" rows="12" /></textarea>
<input type="submit" value="Edit" />
</form>
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

You are a little exit() happy and could use some work in the structured programming dept. After a redirect is one of the few places where exit() is used.

I would recommend not having the login/logout and the editing on the same page. You semi-agree with that because you redirect to edit.php even though you have editing code here. Keep the login/logout code on this page and code edit.php separately.

Something like this:

Code: Select all

<?php
session_start();

if(isset($_POST['a'])) {
	if ($_POST['a']=='logout') {
		$_SESSION['auth'] = false; 
		echo 'You are now logged out.';
	} else {
		if(($_POST['username']=='username') && ($_POST['password']=='password')) {
			$_SESSION['auth'] = true; 
			session_write_close();
			header('Location: edit.php');
			exit;
		}
	}
}

if (isset($_SESSION['auth']) && ($_SESSION['auth'] == true))
{
	echo '<form action="" method="post">
	<input type="hidden" name="a" value="logout"/>
	<input type="submit" value="Logout" />
	</form>';
} else {
	echo '<form action="" method="post">
	<input type="hidden" name="a" value="login"/>
	Username: <input type="text" name="username" /><br />
	Password: <input type="password" name="password" /><br />
	<input type="submit" value="Login" />
	</form>';
}
(#10850)
Post Reply